Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

Starts at just $1 per CPM or $0.10 per CPC.

Oscommerce site Malware warning

One of my customers sites has been constantly bringing up Malware warnings to visitors. Sometimes the site is loading and working fine with no issues and then a random malware issue occurs and some customers have received really bad virus infections from visiting the site.

I've scanned through all the files with nothing showing up, my hosts have scanned through all the files with nothing showing up, changed all the passwords hundreds of times, set up specific IP management for any admin pages so that only those using it can even get near it.

Does anyone have any suggestions on what we can do to avoid these problems?

PS Here is one of the security messages which popped up on the site;

Warning: Something's Not Right Here!
[site removed] contains content from ycono.osa.pl, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified ycono.osa.pl that we found malware on the site. For more about the problems found on ycono.osa.pl, visit the Google Safe Browsing diagnostic page.

If that's the case, then your website has been blacklisted by Google. You may contact them for more information on the matter.

You mention that your website is using osCommerce. Were you keeping osCommerce up-to-date? I'm not sure if it's really possible to know what version of osCommerce you have installed and what version is the most up-to-date. They don't have a very solid versioning system.

I've used the webmaster tool at Google and carried out a malware crawl and it showed up as having nothing problematic.

The site is highly customised so keeping it up to date is a task in itself since any updates needs some careful manual code updates. I've informed my customer that this needs to be done at least once a year though but I've not been able to persuade them to move on this yet.

I'd be happy to share the URL via PM if you would like to have a closer look?